These can be found by going to the Azure Active Directory -> App Registrations -> (app name) -> Required Permissions -> Windows Azure Active Directory in the Azure Portal.

The permissions are:access the directory as the signed in userread all users' basic profilessign in and read user profile

These are all delegated permissions that the interface says do not require Admin authority. Whether or not Admin authority is actually required depends on other AAD settings: Azure Active Directory -> User Settings -> App Registrations.

The control surfaces for Azure seem to change frequently, and these descriptions may become invalid quickly.